SECURITYCYBERSCOOP
Open-source security is posing challenges governments can’t easily solve
An increase in cyberattacks on open-source software highlights challenges in securing publicly available code, with experts citing underinvestment and maintenance issues. Governments under different administrations have had mixed impacts, while companies also face criticism for insufficient responsibility. Project Glasswing identified thousands of vulnerabilities in open-source projects, but only a small fraction have been patched.
Mentioned
Related Signal
Adjacent reporting
- Open-Source Security: How Digital Infrastructure Is Built on a House of Cards - Lawfare
- Project Glasswing and open source software: The good, the bad, and the ugly
- CISA chief frets about open-source vulnerabilities, delayed security improvements
- Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
- Welcome to the Strip Mining Era of OSS Security
- The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss